some bugfix

dom.js

@@ -828,10 +828,7 @@ CharacterData.prototype = {
 
 	},
 	appendChild:function(newChild){
-		//if(!(newChild instanceof CharacterData)){
-			throw new Error(ExceptionMessage[3])
-		//}
-		return Node.prototype.appendChild.apply(this,arguments)
+		throw new Error(ExceptionMessage[HIERARCHY_REQUEST_ERR])
 	},
 	deleteData: function(offset, count) {
 		this.replaceData(offset,count,"");
@@ -939,7 +936,8 @@ function nodeSerializeToString(isHtml,nodeFilter){
 	return buf.join('');
 }
 function needNamespaceDefine(node,isHTML, visibleNamespaces) {
-	var prefix = node.prefix,uri = node.namespaceURI;
+	var prefix = node.prefix||'';
+	var uri = node.namespaceURI;
 	if (!prefix && !uri){
 		return false;
 	}
@@ -1005,15 +1003,21 @@ function serializeToString(node,buf,isHTML,nodeFilter,visibleNamespaces){
 		for(var i=0;i<len;i++){
 			var attr = attrs.item(i);
 			if (needNamespaceDefine(attr,isHTML, visibleNamespaces)) {
-				buf.push(attr.prefix ? ' xmlns:' + attr.prefix : " xmlns", "='" , attr.namespaceURI , "'");
-				visibleNamespaces.push({ prefix: attr.prefix, namespace: attr.namespaceURI });
+				var prefix = attr.prefix||'';
+				var uri = attr.namespaceURI;
+				var ns = prefix ? ' xmlns:' + prefix : " xmlns";
+				buf.push(ns, '="' , uri , '"');
+				visibleNamespaces.push({ prefix: prefix, namespace:uri });
 			}
 			serializeToString(attr,buf,isHTML,nodeFilter,visibleNamespaces);
 		}
 		// add namespace for current node		
 		if (needNamespaceDefine(node,isHTML, visibleNamespaces)) {
-			buf.push(node.prefix ? ' xmlns:' + node.prefix : " xmlns", "='" , node.namespaceURI , "'");
-			visibleNamespaces.push({ prefix: node.prefix, namespace: node.namespaceURI });
+			var prefix = node.prefix||'';
+			var uri = node.namespaceURI;
+			var ns = prefix ? ' xmlns:' + prefix : " xmlns";
+			buf.push(ns, '="' , uri , '"');
+			visibleNamespaces.push({ prefix: prefix, namespace:uri });
 		}
 
 		if(child || isHTML && !/^(?:meta|link|img|br|hr|input)$/i.test(nodeName)){

package.json

@@ -1,6 +1,6 @@
 {
-  "name": "xmldom-alpha",
-  "version": "0.1.24",
+  "name": "xmldom",
+  "version": "0.1.27",
   "description": "A W3C Standard XML DOM(Level2 CORE) implementation and parser(DOMParser/XMLSerializer).",
   "keywords": ["w3c","dom","xml","parser","javascript","DOMParser","XMLSerializer"],
   "author": "jindw <[email protected]> (http://www.xidea.org)",

test/dom/ns-test.js

@@ -0,0 +1,60 @@
+"use strict";
+var xdom = require('xmldom');
+var wows = require('vows');
+var assert = require('assert');
+var DOMParser = require('xmldom').DOMParser;
+var XMLSerializer = require('xmldom').XMLSerializer;
+
+
+// Create a Test Suite
+wows.describe('XML Namespace Parse').addBatch({
+	"testlitecns":function(){
+		var assert = assert || {equal:function(v1,v2){console.assert(v1==v2,v1+'!='+v2)}}
+		var doc = new DOMParser({
+			xmlns:{'c':'http://www.xidea.org/lite/core','':'http://www.w3.org/1999/xhtml'}
+		}).parseFromString('<html><body><c:var name="a" value="${1}"/></body></html>', "text/xml");
+		//console.log(String(doc))
+		var el = doc.getElementsByTagName('c:var')[0];
+		console.log(String(el.namespaceURI))
+		console.log(String(doc))
+	},
+	//ignore default prefix xml attribute 
+	"test":function(){
+		var assert = assert || {equal:function(v1,v2){console.assert(v1==v2,v1+'!='+v2)}}
+		// Just for debugging
+		var w3 = "http://www.w3.org/1999/xhtml";
+		var n1 = "http://www.frankston.com/public";
+		var n2 = "http://rmf.vc/n2";
+		var n3 = "http://rmf.vc/n3";
+		var hx = '<html test="a" xmlns="' + w3 + '" xmlns:rmf="' + n1 + '"><rmf:foo hello="asdfa"/></html>';
+
+		var doc = new DOMParser().parseFromString(hx, "text/xml");
+		//console.log(de.prefix,de.getAttributeNode('xmlns').prefix)
+		var els = [].slice.call(doc.documentElement.getElementsByTagNameNS(n1, "foo"));
+		for (var _i = 0, els_1 = els; _i < els_1.length; _i++) {
+		    var el = els_1[_i];
+
+		    var te = doc.createElementNS(n1, "test");
+		    te.setAttributeNS(n1, "bar", "valx");
+		    var te = doc.createElementNS(n1, "test");
+		    te.setAttributeNS(n1, "bar", "valx");
+		    //console.log("New Elm: " + ss(te));
+		    assert.equal(String(te),'<test xmlns="'+n1+'" bar="valx"/>');
+		    el.appendChild(te);
+		    var tx = doc.createElementNS(n2, "test");
+		    tx.setAttributeNS(n2, "bar", "valx");
+		    //console.log("New Elm: " + String(tx));
+		    assert.equal(String(tx),'<test xmlns="'+n2+'" bar="valx"/>');
+		    el.appendChild(tx);
+
+		    //console.log("Element: " + ss(tx));
+		}
+		var sr = String(doc);
+		//console.log("Serialized: " + sr.replace(/>/g, ">\n  "));
+
+	}
+}).run();
+
+
+
+

test/xss-test.js

@@ -0,0 +1,45 @@
+var XMLSerializer = require('xmldom').XMLSerializer
+var DOMParser = require('xmldom').DOMParser;
+var domParser = new DOMParser({xmlns:{'':'http://www.w3.org/1999/xhtml'}});
+
+var excludeTags = new RegExp('^(?:'+['javascript', 'vbscript', 'expression', 
+				'meta', 'xml', 'blink', 'link', 
+				'script', 'applet','embed', 'object',
+				'iframe', 'frame', 'frameset','ilayer', 'layer', 'bgsound', 'base',
+				].join('|')
+				+')$','i');
+var excludeAttrs = /^on|style/i
+var urlAttrs = /(?:href|src)/i
+var invalidURL = /^(data|javascript|vbscript|ftp)\:/
+
+function xss(html){
+	var dom = domParser.parseFromString(html,'text/html')
+	return dom.documentElement.toString(true,function(node){
+		switch(node.nodeType){
+		case 1://element
+			var tagName = node.tagName;
+			if(excludeTags.test(tagName)){
+				return '';
+			}
+			return node;
+		case 2:
+			var attrName = node.name
+			if(excludeAttrs.test(attrName)){
+				return null;
+			}
+			if(urlAttrs.test(attrName)){
+				var value = node.value;
+				if(invalidURL.test(value)){
+					return null;
+				}
+			}
+			return node;
+		case 3:
+			return node;
+		}
+	})
+}
+
+var html = '<div onclick="alert(123)" title="32323"><script>alert(123)</script></div>';
+var result =  xss(html);
+console.log(result)